Description
django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier.
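The key collision described above, shown next to a namespaced variant. This is an added example, not Django's own code: a plain dict stands in for the shared cache, and the class names, the `sessions:` prefix and the sample session identifier are assumptions made for illustration.

```python
# Added illustration: a dict stands in for the shared cache backend.

class RootNamespaceSessions:
    """Behaviour described above: the session id itself is the cache key."""

    def __init__(self, cache):
        self.cache = cache

    def cache_key(self, session_id):
        return session_id

    def save(self, session_id, data):
        self.cache[self.cache_key(session_id)] = dict(data)

    def load(self, session_id):
        return self.cache.get(self.cache_key(session_id), {})


class NamespacedSessions(RootNamespaceSessions):
    """Hardened form: session keys live under a dedicated prefix."""

    PREFIX = "sessions:"  # hypothetical prefix chosen for this example

    def cache_key(self, session_id):
        return self.PREFIX + session_id


def app_cache_set(cache, key, value):
    """Application code storing its own data in the same cache."""
    cache[key] = value


def session_survives_colliding_write(store_cls):
    """True if an application write to a key equal to the session id
    leaves the stored session unchanged."""
    cache = {}
    store = store_cls(cache)
    sid = "constructed-session-id-0001"  # constructed sample value
    original = {"user_id": 42, "is_staff": False}
    store.save(sid, original)
    app_cache_set(cache, sid, {"user_id": 42, "is_staff": True})
    return store.load(sid) == original


if __name__ == "__main__":
    print("root namespace:", session_survives_colliding_write(RootNamespaceSessions))
    print("namespaced:    ", session_survives_colliding_write(NamespacedSessions))
```

With the root-namespace store the application write replaces the session; with the prefixed store the two keys never meet.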
Remediation
References